admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-10-04 18:49:46 +00:00
parent 03501f1ba1
commit dfad4c948e
5 changed files with 112 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
server/AyaNova/Controllers/TagController.cs
View File

@@ -55,29 +55,20 @@ namespace AyaNova.Api.Controllers
public async Task<IActionResult> GetTag([FromRoute] long id)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Instantiate the business object handler
TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
TagBiz biz = TagBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
return StatusCode(401, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
var o = await biz.GetAsync(id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(new ApiOkResponse(o));
}
@@ -103,22 +94,16 @@ namespace AyaNova.Api.Controllers
public async Task<IActionResult> PickList([FromQuery] string q, [FromQuery] PagingOptions pagingOptions)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Instantiate the business object handler
TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
TagBiz biz = TagBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))//Note: anyone can read a tag, but that might change in future so keeping this code in
return StatusCode(401, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
ApiPagedResponse<NameIdItem> pr = await biz.GetPickListAsync(Url, nameof(PickList), pagingOptions, q);
return Ok(new ApiOkWithPagingResponse<NameIdItem>(pr));
@@ -137,49 +122,27 @@ namespace AyaNova.Api.Controllers
public async Task<IActionResult> PostTag([FromBody] NameItem inObj)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
//Instantiate the business object handler
TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
TagBiz biz = TagBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Create and validate
Tag o = await biz.CreateAsync(inObj.Name);
if (o == null)
{
//error return
return BadRequest(new ApiErrorResponse(biz.Errors));
}
else
{
//save and get ID for log then success return
await ct.SaveChangesAsync();
//Log
EventLogProcessor.AddEntryToContextNoSave(new Event(biz.UserId, o.Id, AyaType.Tag, AyaEvent.Created), ct);
await ct.SaveChangesAsync();
return CreatedAtAction("GetTag", new { id = o.Id }, new ApiCreatedResponse(o));
}
}
/// <summary>
/// Put (update) Tag
///
@@ -194,58 +157,33 @@ namespace AyaNova.Api.Controllers
public async Task<IActionResult> PutTag([FromRoute] long id, [FromBody] Tag oIn)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var oFromDb = await ct.Tag.SingleOrDefaultAsync(m => m.Id == id);
if (oFromDb == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Tag, oFromDb.OwnerId))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
TagBiz biz = TagBiz.GetBiz(ct, HttpContext);
if (!biz.Put(oFromDb, oIn))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
var oFromDb = await biz.GetAsync(id);
if (oFromDb == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//Log
EventLogProcessor.AddEntryToContextNoSave(new Event(biz.UserId, oFromDb.Id, AyaType.Tag, AyaEvent.Modified), ct);
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, oFromDb.OwnerId))
return StatusCode(401, new ApiNotAuthorizedResponse());
try
{
await ct.SaveChangesAsync();
if (!biz.Put(oFromDb, oIn))
return BadRequest(new ApiErrorResponse(biz.Errors));
}
catch (DbUpdateConcurrencyException)
{
if (!TagExists(id))
{
if (!await biz.ExistsAsync(id))
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
else
{
//exists but was changed by another user
//I considered returning new and old record, but where would it end?
//Better to let the client decide what to do than to send extra data that is not required
return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
}
}
return Ok(new ApiOkResponse(new { ConcurrencyToken = oFromDb.ConcurrencyToken }));
}
@@ -261,59 +199,36 @@ namespace AyaNova.Api.Controllers
[HttpPatch("{id}/{concurrencyToken}")]
public async Task<IActionResult> PatchTag([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<Tag> objectPatch)
{
//https://dotnetcoretutorials.com/2017/11/29/json-patch-asp-net-core/
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Instantiate the business object handler
TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
var oFromDb = await ct.Tag.SingleOrDefaultAsync(m => m.Id == id);
TagBiz biz = TagBiz.GetBiz(ct, HttpContext);
var oFromDb = await biz.GetAsync(id);
if (oFromDb == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Tag, oFromDb.OwnerId))
{
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, oFromDb.OwnerId))
return StatusCode(401, new ApiNotAuthorizedResponse());
}
//patch and validate
if (!biz.Patch(oFromDb, objectPatch, concurrencyToken))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
//Log
EventLogProcessor.AddEntryToContextNoSave(new Event(biz.UserId, oFromDb.Id, AyaType.Tag, AyaEvent.Modified), ct);
try
{
await ct.SaveChangesAsync();
//patch and validate
if (!biz.Patch(oFromDb, objectPatch, concurrencyToken))
return BadRequest(new ApiErrorResponse(biz.Errors));
}
catch (DbUpdateConcurrencyException)
{
if (!TagExists(id))
{
if (!await biz.ExistsAsync(id))
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
else
{
return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
}
}
return Ok(new ApiOkResponse(new { ConcurrencyToken = oFromDb.ConcurrencyToken }));
}
@@ -327,42 +242,25 @@ namespace AyaNova.Api.Controllers
[HttpPost("UntagAll/{id}")]
public async Task<IActionResult> UnTagEverything([FromRoute] long id)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var dbObj = await ct.Tag.SingleOrDefaultAsync(m => m.Id == id);
if (dbObj == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Tag, dbObj.OwnerId))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Instantiate the business object handler
TagBiz biz = new TagBiz(ct, UserId, UserRolesFromContext.Roles(HttpContext.Items));
TagBiz biz = TagBiz.GetBiz(ct, HttpContext);
var dbObj = await biz.GetAsync(id);
if (dbObj == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, dbObj.OwnerId))
return StatusCode(401, new ApiNotAuthorizedResponse());
//Untag from all places
if (!biz.Untag(dbObj))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
//Log
EventLogProcessor.AddEntryToContextNoSave(new Event(UserId, id, AyaType.Tag, AyaEvent.TagMassUntag), ct);
await ct.SaveChangesAsync();
return NoContent();
}
@@ -377,55 +275,29 @@ namespace AyaNova.Api.Controllers
[HttpDelete("{id}")]
public async Task<IActionResult> DeleteTag([FromRoute] long id)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var dbObj = await ct.Tag.SingleOrDefaultAsync(m => m.Id == id);
if (dbObj == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.Tag, dbObj.OwnerId))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
TagBiz biz = TagBiz.GetBiz(ct, HttpContext);
var dbObj = await biz.GetAsync(id);
if (dbObj == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId))
return StatusCode(401, new ApiNotAuthorizedResponse());
//NOTE: ct.SaveChanges not required after this call
//Delete will look after it as it also needs to delete related records manull that are not mapped in EF Core
if (!biz.Delete(dbObj))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
//Log
EventLogProcessor.DeleteObject(biz.UserId, AyaType.Tag, dbObj.Id, dbObj.Name, ct);
await ct.SaveChangesAsync();
return NoContent();
}
private bool TagExists(long id)
{
return ct.Tag.Any(e => e.Id == id);
}
//------------

1
server/AyaNova/Controllers/WidgetController.cs
View File

@@ -326,7 +326,6 @@ namespace AyaNova.Api.Controllers
}
else
{
//return success and link
return CreatedAtAction("GetWidget", new { id = o.Id }, new ApiCreatedResponse(o));
}